FW/IPSec VPN Buyer’s Guide
Quick Checklist
This section builds upon the framework for evaluating firewall and VPN products that was described in the previous section, providing a quick checklist of some of the top questions to pose in each criteria category. For more in- depth questions that enable a
1.Provide Strong Security
• Does the solution integrate
oHow long have the technologies been in the market?
oAre there any third party verifications of viability available?
oAre the technologies based on open source solutions?
•Does the solution provide strong access control – stateful inspection?
•What kind of user authentication does the solution support?
•What
oDoS attacks
oDDoS attacks
•Does it have the ability to make determinations on whether to allow or deny traffic based on application- layer information?
oWhat kind of
oWhat kind of
•What kind of encryption does the VPN support?
•Can the solution apply policies to internal traffic to establish additional layers of trust and contain attacks?
•What type of security certifications does the product have?
•What kind of platform is the solution built on?
oIs it a
•Can the solution scale to meet the different security needs of small to large sites?
2.Offer Predictable Performance
•What are the performance (large and small packet size) capabilities of the solution to ensure that performance remains predictable?
•What has the solution done to optimize its traffic processing?
•How does the solution minimize latency to ensure
•How does the solution handle very fast session ramp rates to protect against DoS attacks?
•How does the architecture of the solution enable performance under load?
•How does the solution handle multiple concurrent sessions to ensure user connectivity is not lost or slowed?
•How does the solution accommodate additional functionality, without degrading performance?
•How does the solution accelerate the VPN negotiation to set up the VPN tunnels to make the time imperceptible to the user?
•How can the solution quickly create and then maintain VPN tunnels to ensure they are always available for the user?
Copyright © 2004, Juniper Networks, Inc. | 6 |